The credentials for my project on GCP were automatically rotated. I use them on Gitlab as pipeline variables to deploy the updates. I updated the variables (url and certificate authority) but now the deploy is giving an error asking to provide credentials. Do I have to change the TOKEN as well (see pipeline below)? I don’t even know where to find the gitlab-admin user (it’s not in IAM or Service Accounts).
I have no experience with kubernetes and little with GCP. This was setup before I came into this project and currently we don’t have anyone to manage this. I’m pretty lost here.
Any help would be appreciated!
Gitlab pipeline:
deploy_k8s_uat:
stage: deploy-uat
only: [uat] #build and push images only for stating branch commits
image: google/cloud-sdk:latest
environment:
name: staging
script:
- kubectl config set-cluster k8s --server=“${KUBE_URL}” --certificate-authority=“${KUBE_CA}”
- kubectl config set-credentials gitlab-admin --token=“${KUBE_TOKEN}”
- kubectl config set-context default --cluster=k8s --user=gitlab-admin --namespace=uat
- kubectl config use-context default
- kubectl config view
- kubectl cluster-info
- sed -i “s#IMAGETAG#${LOWERCASE_CONTAINER_IMAGE_WEBSERVER}#g” kubernetes/server.yaml
- sed -i “s#ENVIRONMENT#prod#g” kubernetes/server.yaml
- kubectl apply -f kubernetes/server.yaml
- kubectl rollout status -n uat -w “deployment/sensor-staging-server-deployment”
- sed -i “s#IMAGETAG#${LOWERCASE_CONTAINER_IMAGE_WEBSERVER}#g” kubernetes/server-teresa.yaml
- sed -i “s#ENVIRONMENT#prod#g” kubernetes/server-teresa.yaml
- kubectl apply -f kubernetes/server-teresa.yaml
- kubectl rollout status -n uat -w “deployment/sensor-staging-server-deployment-teresa”
when: manual
Deployment log:
$ kubectl cluster-info
E0203 10:59:31.740402 42 memcache.go:265] couldn’t get current server API group list: the server has asked for the client to provide credentials
E0203 10:59:32.001373 42 memcache.go:265] couldn’t get current server API group list: the server has asked for the client to provide credentials
E0203 10:59:32.266110 42 memcache.go:265] couldn’t get current server API group list: the server has asked for the client to provide credentials
E0203 10:59:32.528532 42 memcache.go:265] couldn’t get current server API group list: the server has asked for the client to provide credentials
E0203 10:59:32.790974 42 memcache.go:265] couldn’t get current server API group list: the server has asked for the client to provide credentials
To further debug and diagnose cluster problems, use ‘kubectl cluster-info dump’.
error: You must be logged in to the server (the server has asked for the client to provide credentials)
Cleaning up project directory and file based variables
00:01
ERROR: Job failed: exit code 1